Accessing an entity inside a private network

US 7,139,828 B2
Filed: 08/30/2002
Issued: 11/21/2006
Est. Priority Date: 08/30/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method for communicating among network entities, comprising:

establishing a persistent connection between a first entity in a private network and a second entity outside said private network to enable access to the first entity by entities outside of the private network, said establishing a persistent connection includes associating a public address with the first entity and communicating the public address associated with the first entity to the second entity, the second entity having an associated public address which is different than the public address associated with the first entity;

providing the public address of the second entity to a third entity outside said private network;

initiating communication with said first entity, said communication is initiated by said third entity from outside said private network providing an identification associated with said persistent connection and data for the first entity to said second entity, said identification and said data being provided to said second entity using the public address of the second entity as a destination address, said second entity identifying said public address associated with said first entity based on the identification and forwarding the data to said first entity via said persistent connection using said public address associated with said first entity; and

exchanging subsequent communication between said first entity and said third entity through a device associated with said private network using a private address of the first entity.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is disclosed that allows an entity outside of a private network to initiate communication with an entity inside the private network. The entity inside of the private network maintains a persistent connection with an agent. In one embodiment, communications that are intended for the entity inside the private network are sent to the agent. The agent then forwards the communications to the entity inside the private via the persistent connection.

Citations

74 Claims

1. A method for communicating among network entities, comprising:
- establishing a persistent connection between a first entity in a private network and a second entity outside said private network to enable access to the first entity by entities outside of the private network, said establishing a persistent connection includes associating a public address with the first entity and communicating the public address associated with the first entity to the second entity, the second entity having an associated public address which is different than the public address associated with the first entity;
  
  providing the public address of the second entity to a third entity outside said private network;
  
  initiating communication with said first entity, said communication is initiated by said third entity from outside said private network providing an identification associated with said persistent connection and data for the first entity to said second entity, said identification and said data being provided to said second entity using the public address of the second entity as a destination address, said second entity identifying said public address associated with said first entity based on the identification and forwarding the data to said first entity via said persistent connection using said public address associated with said first entity; and
  
  exchanging subsequent communication between said first entity and said third entity through a device associated with said private network using a private address of the first entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. A method according to claim 1, wherein:
    - all subseguent communication between said first entity and said third entity is transmitted via said persistent connection.
  - 3. A method according to claim 1, wherein:
    - said device is a stateful edge device for said private network; and
      
      said persistent connection goes through said stateful edge device for said private network.
  - 4. A method according to claim 1, wherein said step of exchanging subsequent communication includes:
    - inserting an IP packet into a UDP segment at said first entity;
      
      sending said UDP segment from said first entity to said second entity via said device and said persistent connection;
      
      removing said lP packet from said UDP segment at said second entity; and
      
      sending said IP packet from said second entity to said third entity.
  - 5. A method according to claim 1, wherein said step of exchanqinq subsequent communication includes the steps of:
    - inserting an IP packet into a UDP segment at said first entity;
      
      sending said UDP segment from said first entity to said device via said persistent connection;
      
      sending said UDP segment from said device to said second entity via said persistent connection using an address of said device as a source address;
      
      removing said IP packet from said UDP segment at said second entity; and
      
      sending said IP packet from said second entity to said third entity.
  - 6. A method according to claim 1, further comprising the steps of:
    - connecting said first entity to said private network;
      
      receiving a private address to be used by said first entity in said private network; and
      
      registering said first entity with said second entity.
  - 7. A method according to claim 1, further comprising the steps of:
    - maintaining said persistent connection; and
      
      registering said first entity with said second entity prior to said step of maintaining.
  - 8. A method according to claim 7, wherein said step of registering includes the steps of:
    - creating a UDP segment;
      
      sending said UDP segment from said first entity to said second entity; and
      
      storing, at said second entity, identification information for said first entity.
  - 9. A method according to claim 8, wherein:
    - said identification information includes a domain name, an address, and a port.
  - 10. A method according to claim 7, wherein said step of registering includes the steps of:
    - creating a UDP segment, said UDP segment includes a code requesting establishment of a connection;
      
      sending said UDP segment from said first entity to said device;
      
      sending said UDP segment from said device to said second entity using an IP address for said device as a source address; and
      
      storing data at said second entity, said data includes an IP address for said device, a port at said device associated with said UDP packet and a domain name for said first entity.
  - 11. A method according to claim 1, wherein:
    - said device is a NAT device; and
      
      said persistent connection goes through said NAT device.
  - 12. A method according to claim 7, wherein:
    - said step of maintaining includes sending keep alive packets from said first entity to said second entity prior to expiration of a predetermined time interval.
  - 13. A method according to claim 1, further comprising the steps of:
    - sending a request by said third entity to resolve a domain name for said first entity; and
      
      receiving a response to said request at said third entity, said response includes an address for said second entity.
  - 14. A method according to claim 1, further comprising the steps of:
    - sending a request by said third entity to resolve a domain name for said first entity; and
      
      receiving a response to said request at said third entity, said response includes an address for said second entity and an identifier for said first entity.
  - 15. A method according to claim 1, wherein said step of providing data for said first entity to said second entity includes the steps of:
    - creating a packet at said third entity;
      
      adding a domain name to said packet; and
      
      sending said packet from said third entity to said second entity.
  - 16. A method according to claim 1, wherein said step of forwarding includes the steps of:
    - associating said data with said first entity;
      
      inserting said data into a UDP segment; and
      
      sending said UDP segment to said first entity via said persistent connection.
  - 17. A method according to claim 16, wherein said step of forwarding includes the step of:
    - determining whether a domain name is included with said data, said step of inserting and sending are only performed if said domain name is included with said data.
  - 18. A method according to claim 16, wherein said step of sending said UDP packet to said first entity includes the steps of:
    - sending said UDP segment from said second entity to said device using a first address for said device; and
      
      sending said UDP segment from said device to said first entity using a private address for said first entity.
  - 19. A method according to claim 16, wherein:
    - said step of associating includes accessing a look up table on said second entity using an identifier of said first entity from said data; and
      
      said step of inserting includes using data in said look up table to add port information to said UDP segment and to address a packet for said UDP segment.
  - 20. A method according to claim 1, wherein:
    - said device is a first NAT device;
      
      said third entity is in a different private network using a different NAT device;
      
      said first entity communicates outside of said private network which said first entity is in using said first NAT device;
      
      said third entity communicates outside said different private network using said different NAT device;
      
      said persistent connection goes through said first NAT device.
  - 21. A method according to claim 1, wherein:
    - said device is a NAT device for said private network; and
      
      said persistent connection goes through said NAT device.
  - 22. A method according to claim 1, wherein:
    - said device is a stateless edcie device for said private network; and
      
      said persistent connection goes through said stateless edge device.
  - 23. A method according to claim 22, wherein:
    - said third entity initiates communication by providing a shim to said second entity which identifies a port number and an address for said device.
  - 24. A method according to claim 1, further comprising the steps of:
    - storing an entry in a data structure identifying said persistent connection; and
      
      receiving keep alive packets from said first entity prior to expiration of a predetermined time interval.

25. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising:
- establishing a persistent connection between a first entity in a private network and a second entity outside said private network to enable access to the first entity by entities outside of said private network, said establishing a persistent connection includes associating a public address with the first entity and communicating the public address associated with the first entity to the second entity, the second entity having an associated public address which is different than the public address associated with the first entity;
  
  providing the public address of the second entity to a third entity outside said private network;
  
  initiating communication with said first entity, said communication is initiated by said third entity from outside said private network providing an identification associated with said persistent connection and data for said first entity to said second entity, said identification and said data being provided to said second entity using the public address of the second entity as a destination address, said second entity identifying said public address associated with said first entity based on the identification and forwarding the data to said first entity via said persistent connection using said public address associated with said first entity; and
  
  exchanging subseguent communication between said first entity and said third entity through a device associated with said private network using a private address of said first entity.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 26. One or more processor readable storage devices according to claim 25, wherein said method further comprises the steps of:
    - inserting a packet into a UDP segment at said first entity;
      
      sending said UDP segment from said first entity to said second entity via said persistent connection; and
      
      sending said packet from said second entity to said third entity.
  - 27. One or more processor readable storage devices according to claim 25 wherein said step of forwarding includes the steps of:
    - associating said data with said first entity;
      
      inserting said data into a UDP segment; and
      
      sending said UDP segment to said first entity via said persistent connection.
  - 28. One or more processor readable storage devices according to claim 27, wherein said step of forwarding includes the step of:
    - determining whether a domain name is included with said data, said step of inserting and sending are only performed if said domain name is included with said data.
  - 29. One or more processor readable storage devices according to claim 27, wherein said step of sending said UDP packet to said first entity includes the steps of:
    - sending said UDP segment from said second entity to said device using a first address for said device; and
      
      sending said UDP segment from said device to said first entity using a private address for said first entity.
  - 30. One or more processor readable storage devices according to claim 27, wherein:
    - said step of associating includes accessing a look up table on said second entity using an identifier of said first entity from said data; and
      
      said step of inserting includes using data in said look up table to add port information to said UDP segment and to address a packet for said UDP segment.
  - 31. One or more processor readable storage devices according to claim 25, wherein:
    - all subsequent communication between said first entity and said third entity is transmitted via said persistent connection.
  - 32. One or more processor readable storage devices according to claim 25, wherein:
    - said device is a stateful edge device for said private network; and
      
      said persistent connection goes through said stateful edge device for said private network.
  - 33. One or more processor readable storage devices according to claim 25, wherein said step of exchanging subsequent communication includes:
    - inserting an IP packet into a UDP segment at said first entity;
      
      sending said UDP segment from said first entity to said second entity via said device and said persistent connection;
      
      removing said IP packet from said UDP segment at said second entity; and
      
      sending said IP packet from said second entity to said third entity.
  - 34. One or more processor readable storage devices according to claim 25, wherein said step of exchanging subsequent communication includes the steps of:
    - inserting an IP packet into a UDP segment at said first entity;
      
      sending said UDP segment from said first entity to said device via said persistent connection;
      
      sending said UDP segment from said device to said second entity via said persistent connection using an address of said device as a source address;
      
      removing said IP packet from said UDP segment at said second entity; and
      
      sending said IP packet from said second entity to said third entity.
  - 35. One or more processor readable storage devices according to claim 25, wherein said method further comprises the steps of:
    - connecting said first entity to said private network;
      
      receiving a private address to be used by said first entity in said private network; and
      
      registering said first entity with said second entity.
  - 36. One or more processor readable storage devices according to claim 25, wherein said method further comprises the steps of:
    - maintaining said persistent connection; and
      
      registering said first entity with said second entity prior to said step of maintaining.
  - 37. One or more processor readable storage devices according to claim 36, wherein said step of registering includes the steps of:
    - creating a UDP segment;
      
      sending said UDP segment from said first entity to said second entity; and
      
      storing, at said second entity, identification information for said first entity.
  - 38. One or more processor readable storage devices according to claim 37, wherein:
    - said identification information includes a domain name, an address, and a port.
  - 39. One or more processor readable storage devices according to claim 36, wherein said step of registering includes the steps of:
    - creating a UDP segment, said UDP segment includes a code requesting establishment of a connection;
      
      sending said UDP segment from said first entity to said device;
      
      sending said UDP segment from said device to said second entity using an IP address for said device as a source address; and
      
      storing data at said second entity, said data includes an IP address for said device, a port at said device associated with said UDP packet and a domain name for said first entity.
  - 40. One or more processor readable storage devices according to claim 36, wherein:
    - said step of maintaining includes sending keep alive packets from said first entity to said second entity prior to expiration of a predetermined time interval.
  - 41. One or more processor readable storage devices according to claim 25, wherein:
    - said device is a NAT device; and
      
      said persistent connection goes through said NAT device.
  - 42. One or more processor readable storage devices according to claim 25, wherein said method further comprises the steps of:
    - sending a request by said third entity to resolve a domain name for said first entity; and
      
      receiving a response to said request at said third entity, said response includes an address for said second entity.
  - 43. One or more processor readable storage devices according to claim 25, wherein said method further comprises the steps of:
    - sending a request by said third entity to resolve a domain name for said first entity; and
      
      receiving a response to said request at said third entity, said response includes an address for said second entity and an identifier for said first entity.
  - 44. One or more processor readable storage devices according to claim 25, wherein said step of providing data for said first entity to said second entity includes the steps of:
    - creating a packet at said third entity;
      
      adding a domain name to said packet; and
      
      sending said packet from said third entity to said second entity.
  - 45. One or more processor readable storage devices according to claim 25, wherein:
    - said device is a first NAT device;
      
      said third entity is in a different private network using a different NAT device;
      
      said first entity communicates outside of said private network which said first entity is in using said first NAT device;
      
      said third entity communicates outside said different private network using said different NAT device;
      
      said persistent connection goes through said first NAT device.
  - 46. One or more processor readable storage devices according to claim 25, wherein:
    - said device is a NAT device for said private network; and
      
      said persistent connection goes through said NAT device.
  - 47. One or more processor readable storage devices according to claim 25, wherein:
    - said device is a stateless edge device for said private network; and
      
      said persistent connection goes through said stateless edge device.
  - 48. One or more processor readable storage devices according to claim 47, wherein:
    - said third entity initiates communication by providing a shim to said second entity which identifies a port number and an address for said device.
  - 49. One or more processor readable storage devices according to claim 25, wherein said method further comprises the steps of:
    - storing an entry in a data structure identifying said persistent connection; and
      
      receiving keep alive packets from said first entity prior to expiration of a predetermined time interval.

50. An apparatus, comprising:
- a communication interface;
  
  one or more storage devices; and
  
  one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising;
  
  establishing a persistent connection between a first entity in a private network and a second entity outside said private network to enable access to the first entity by entities outside of the private network, said establishing a persistent connection includes associating a public address with the first entity and communicating the public address associated with the first entity to the second entity, the second entity having an associated public address which is different than the public address associated with the first entity;
  
  providing the public address of the second entity to a third entity outside said private network;
  
  initiating communication with said first entity, said communication is initiated by said third entity from outside said private network providing an identification associated with said persistent connection and data for the first entity to said second entity, said identification and said data being provided to said second entity using the public address of said second entity as a destination address, said second entity identifying said public address associated with said first entity based on the identification and forwarding the data to said first entity via said persistent connection using said public address associated with said first entity; and
  
  exchanging subseauent communication between said first entity and said third entity throuah a device associated with said private network using a private address of the first entity.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73)
- - 51. An apparatus according to claim 50, wherein:
    - all subsequent communication between said first entity and said third entity is transmitted via said persistent connection.
  - 52. An apparatus according to claim 50, wherein:
    - said device is a stateful edge device for said private network; and
      
      said persistent connection goes through said stateful edge device for said private network.
  - 53. An apparatus according to claim 50, wherein said step of exchanging subsequent communication includes:
    - inserting an IP packet into a UDP segment at said first entity;
      
      sending said UDP segment from said first entity to said second entity via said device and said persistent connection;
      
      removing said IP packet from said UDP segment at said second entity; and
      
      sending said IP packet from said second entity to said third entity.
  - 54. An apparatus according to claim 50, wherein said step of exchanging subsequent communication includes the steps of:
    - inserting an IP packet into a UDP segment at said first entity;
      
      sending said UDP segment from said first entity to said device via said persistent connection;
      
      sending said UDP segment from said device to said second entity via said persistent connection using an address of said device as a source address;
      
      removing said IP packet from said UDP segment at said second entity; and
      
      sending said IP packet from said second entity to said third entity.
  - 55. An apparatus according to claim 50, wherein said method further comprises the steps of:
    - connecting said first entity to said private network;
      
      receiving a private address to be used by said first entity in said private network; and
      
      registering said first entity with said second entity.
  - 56. An apparatus according to claim 50, wherein said method further comprises the steps of:
    - maintaining said persistent connection; and
      
      registering said first entity with said second entity prior to said step of maintaining.
  - 57. An apparatus according to claim 56, wherein said step of registering includes the steps of:
    - creating a UDP segment;
      
      sending said UDP segment from said first entity to said second entity; and
      
      storing, at said second entity, identification information for said first entity.
  - 58. An apparatus according to claim 57, wherein:
    - said identification information includes a domain name, an address, and a port.
  - 59. An apparatus according to claim 56, wherein said step of registering includes the steps of:
    - creating a UDP segment, said UDP segment includes a code requesting establishment of a connection;
      
      sending said UDP segment from said first entity to said device;
      
      sending said UDP segment from said device to said second entity using an IP address for said device as a source address; and
      
      storing data at said second entity, said data includes an IP address for said device, a port at said device associated with said UDP packet and a domain name for said first entity.
  - 60. An apparatus according to claim 56, wherein:
    - said step of maintaining includes sending keep alive packets from said first entity to said second entity prior to expiration of a predetermined time interval.
  - 61. An apparatus according to claim 50, wherein:
    - said device is a NAT device; and
      
      said persistent connection goes through said NAT device.
  - 62. An apparatus according to claim 50, wherein said method further comprises the steps of:
    - sending a request by said third entity to resolve a domain name for said first entity; and
      
      receiving a response to said request at said third entity, said response includes an address for said second entity.
  - 63. An apparatus according to claim 50, wherein said method further comprises the steps of:
    - sending a request by said third entity to resolve a domain name for said first entity; and
      
      receiving a response to said request at said third entity, said response includes an address for said second entity and an identifier for said first entity.
  - 64. An apparatus according to claim 50, wherein said step of providing data for said first entity to said second entity includes the steps of:
    - creating a packet at said third entity;
      
      adding a domain name to said packet; and
      
      sending said packet from said third entity to said second entity.
  - 65. An apparatus according to claim 50, wherein said step of forwarding includes the steps of:
    - associating said data with said first entity;
      
      inserting said data into a UDP segment; and
      
      sending said UDP segment to said first entity via said persistent connection.
  - 66. An apparatus according to claim 65, wherein said step of forwarding includes the step of:
    - determining whether a domain name is included with said data, said step of inserting and sending are only performed if said domain name is included with said data.
  - 67. An apparatus according to claim 65, wherein said step of sending said UDP packet to said first entity includes the steps of:
    - sending said UDP segment from said second entity to said device using a first address for said device; and
      
      sending said UDP segment from said device to said first entity using a private address for said first entity.
  - 68. An apparatus according to claim 65, wherein:
    - said step of associating includes accessing a look up table on said second entity using an identifier of said first entity from said data; and
      
      said step of inserting includes using data in said look up table to add port information to said UDP segment and to address a packet for said UDP segment.
  - 69. An apparatus according to claim 50, wherein:
    - said device is a first NAT device;
      
      said third entity is in a different private network using a different NAT device;
      
      said first entity communicates outside of said private network which said first entity is in using said first NAT device;
      
      said third entity communicates outside said different private network using said different NAT device;
      
      said persistent connection goes through said first NAT device.
  - 70. An apparatus according to claim 50, wherein:
    - said device is a NAT device for said private network; and
      
      said persistent connection goes through said NAT device.
  - 71. An apparatus according to claim 50, wherein:
    - said device is a stateless edge device for said private network; and
      
      said persistent connection goes through said stateless edge device.
  - 72. An apparatus according to claim 71, wherein:
    - said third entity initiates communication by providing a shim to said second entity which identifies a port number and an address for said device.
  - 73. An apparatus according to claim 50, wherein said method further comprises the steps of:
    - storing an entry in a data structure identifying said persistent connection; and
      
      receiving keep alive packets from said first entity prior to expiration of a predetermined time interval.

74. A method for communicating among network entities, comprising:
- establishing a persistent connection between a first host in a private network and an agent outside said private network to enable at least a second host which is outside of the private network to initiate communication with the first host, a stateful device associated with the private network associating a public address with the first host and communicating the public address and a name of the first host to the agent, the agent having an associated public address which is different than the public address associated with the first host, the agent communicating its public address and the name of the first host to a name server;
  
  receiving, at the name server, a request from the second host to resolve the name of the first host, the name server providing the public address of the agent to the second host in response to the request; and
  
  receiving, at the agent, an initial communication from the second host which is intended for the first host and which use the public address of the agent, the initial communication including an identification associated with said persistent connection, the agent using the identification associated with said persistent connection to identify the public address associated with the first host and forward the initial communication to the stateful device via the persistent connection using the public address associated with the first host, the stateful device forwarding the initial communication to the first host using a private address of the first host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F Poszat Hu LLC (Intellectual Ventures LLC)
Original Assignee
IP Dynamics Inc.
Inventors
Alkhatib, Hasan S., Elwailly, Farid F., Tobagi, Fouad A., Zhang, Yun Fei
Primary Examiner(s)
Etienne, Ario
Assistant Examiner(s)
EL CHANTI, HUSSEIN A

Application Number

US10/233,289
Publication Number

US 20040044778A1
Time in Patent Office

1,544 Days
Field of Search

709/227, 709/228, 709/230, 709/238, 709/250, 709216-219, 709223-224, 709/245
US Class Current

709/230
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 61/2567   for reachability, e.g. inqu...

H04L 61/4557   Directories for hybrid netw...

H04L 67/04   specially adapted for termi...

H04L 67/14   Session management for real...

H04L 67/63   Routing a service request d...

Accessing an entity inside a private network

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

74 Claims

Specification

Solutions

Use Cases

Quick Links

Accessing an entity inside a private network

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

74 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links